Bug 1542593 - [3.7] [egressip] The egressIP which assigned to project will still take effect after it has been removed
Summary: [3.7] [egressip] The egressIP which assigned to project will still take effec...
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Networking
Version: 3.7.1
Hardware: Unspecified
OS: Unspecified
medium
medium
Target Milestone: ---
: 3.7.z
Assignee: Ben Bennett
QA Contact: Meng Bo
URL:
Whiteboard:
Depends On: 1540846
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-02-06 15:57 UTC by Dan Winship
Modified: 2018-02-06 16:04 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 1540846
Environment:
Last Closed: 2018-02-06 16:04:48 UTC
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Origin (Github) 18393 0 None None None 2018-02-06 15:57:41 UTC

Description Dan Winship 2018-02-06 15:57:41 UTC 
+++ This bug was initially created as a clone of Bug #1540846 +++

Description of problem:
After removed the assigned egressIP to netnamespace, the pods in the project will still using the egressIP to reach the outside network. 

Version-Release number of selected component (if applicable):
v3.9.0-0.34.0
openvswitch 2.7.3

How reproducible:
always

Steps to Reproduce:
1. Setup multi node env
2. Create project and have pods in it
3. Add an egressIP to the hostsubnet of any node
4. Add the above egressIP to the project's netnamespace
5. Try to access outside from the pods
6. Remove the egressIP from the netnamespace
7. Try to access outside from the pods
8. Remove the egressIP from the hostsubnet
9. Try to access outside from the pods

Actual results:
5. The pods will reach outside with the egressIP as source IP.
7. The pods will still reach outside with the egressIP as source IP.
9. The pods will lose outside connection.

Expected results:
7. The pods should use the landed node IP as the source IP.
9. The pods should be able to access outside network.

Additional info:
Related openflow rules attached.

Pod info:
$ oc get po -o wide 
NAME            READY     STATUS    RESTARTS   AGE       IP             NODE
test-rc-6ck6c   1/1       Running   0          47m       10.128.0.38    ose-node1.bmeng.local
test-rc-dpns6   1/1       Running   0          47m       10.128.2.196   ose-node2.bmeng.local

Node info:
$ oc get po -o wide 
NAME            READY     STATUS    RESTARTS   AGE       IP             NODE
test-rc-6ck6c   1/1       Running   0          47m       10.128.0.38    ose-node1.bmeng.local
test-rc-dpns6   1/1       Running   0          47m       10.128.2.196   ose-node2.bmeng.local

Project info:
# oc get netnamespace 
NAME              NETID      EGRESS IPS
bmengpp           3031874    []
default           0          []
kube-public       13569059   []
kube-system       4330111    []
openshift         721723     []
openshift-infra   8764350    []
openshift-node    13969432   []

Egress IP is 10.66.140.100 for testing.

--- Additional comment from Meng Bo on 2018-02-01 01:45 EST ---



--- Additional comment from Meng Bo on 2018-02-01 01:47 EST ---



--- Additional comment from Meng Bo on 2018-02-01 01:47 EST ---



--- Additional comment from Meng Bo on 2018-02-01 01:48 EST ---



--- Additional comment from Dan Winship on 2018-02-01 12:17:07 EST ---

https://github.com/openshift/origin/pull/18393
Comment 1 Dan Winship 2018-02-06 16:04:48 UTC 
nm, but didn't exist in 3.7
Note You need to log in before you can comment on or make changes to this bug.